Module 1

Enterprise Architecture
 ENCOR (350-401) Topics RID: [Link]
R1
Gig 0/1
.1

[Link] /24

.2
•Enterprise Architecture Gig 0/1

AS 65001
RID: [Link]
R2
•Virtualization Technologies Gig 0/2
.2
[Link] /24

•Infrastructure Technologies
.1 Lo1:
Gig 0/1 [Link]/64

RID: [Link]
R3
•Network Management

.5
0/ 1

Gig
.
2

20

0/
00
Gig

3
:2::

19
30

1/6

8.5
.0 /

100
•Network Security

1.1
00

ps

00
Mb [Link]
1.1

Mb

.4 / Gig 0
ps
8.5

20
10

30
0
19
•Network Automation

/1

2/6
0
AS 65002

.6
.2
Gig
AS 65004

/1
RID: [Link] RID: [Link]
ISP1 ISP2
•Exam Preparation
Gi
.1 g 0/ 0 /2
g .6
2 Gi
20 Gi 2 30

[Link]/64
Lo1:
3.0 RID: [Link] /
g0
/1 g 0/ .4
.11 Gi 13
3.0 .2 .5 .1
/3 3.0
0 INET 20
AS 65003
Your Instructor
• Kevin Wallace

• CCIEx2 Emeritus #7945 (Collaboration and R/S)

• Working with Cisco gear since 1989

• Taught courses with a CLP for nearly 14 years

• Network Design Specialist at Walt Disney World

• Written a bunch of books & made a ton of video courses for Cisco Press

• 2x Cisco Live Distinguished Speaker

 Enterprise Network
Design Considerations
 Three-Tier vs. Collapsed Core Architectures
Internet

Collapsed Core
Core Layer
Layer

Distribution
Collapsed
Three-Tier
CoreArchitecture
Architecture
Layer A two-tier
A network
topology
topology
wheredivided
the Core
into and
the Access,
Distribution
Layers
Distribution,
have been
and consolidated.
Core layers.

Access Layer
 Spine-Leaf Design for Data Centers
Logically, One Switch

Spine Switches

Leaf Switches

Nodes
 On-Premise vs. Cloud Designs

Internet
VPN

Private WAN
MPLS
Metro Ethernet

Enterprise Cloud Provider

 On-Premise vs. Cloud Designs

Considerations
• With a Cloud deployment, there’s no need to maintain local redundant power or hardware.
• With a Cloud deployment, you pay for resource usage instead of purchasing physical hardware.

• With an On-Premise deployment, it might be easier to meet compliance requirements.

• With an On-Premise deployment, it might be easier to maintain a good user experience.

• Many deployments, called Hybrid deployments, combine both On-Premise and Cloud deployments.
 Fabric Capacity Planning

• How much data do we need to push

through a data center switch?

• How much data can we push through

a specific hardware configuration?

Nexus 7000 Series Switches • What is the anticipated bandwidth

demand increase over time?
Fabric Capacity Planning

Nexus 7000 Series Switches

 Fabric Capacity Planning

Nexus 7000 Series Switches

Switch BW Capacity = (Inter-slot Switching Capacity * Number of I/O Slots) + [(Number of SE Modules * Inter-slot Switching Capacity) / 2]

Switch BW Capacity = (550 Gbps * 16) + [(2 * 550 Gbps) / 2]

Switch BW Capacity = (8800 Gbps) + 550 Gbps
Switch BW Capacity = 9350 Gbps
Full Duplex Switch BW Capacity = (9350 Gbps) * 2
Full Duplex Switch BW Capacity = 18.7 Tbps
Redundant Design

“The 5 Nines of Availability”

99.999 Percent Uptime
Approx. 5 Min. of Downtime/Year
Redundant Design

Higher Costs
• Redundant Components
• UPS/Generator

• FHRP
 Redundant Design

Types of Backups
• Full: Backs up all data.

• Differential: Backs up changes

since last full backup.

• Incremental: Backs up all changes

since last full, differential, or
Backup incremental backup.
Enterprise Data Center
Storage • Snapshot: Backs up entire server,
including state information.
 Redundant Design

• Power
• HVAC
• Floor Space

Enterprise Data Center Cold Site

• Power
• HVAC • Power
• Floor Space • HVAC
• Server Hardware • Floor Space
• Synchronized Data • Server Hardware

Hot Site Warm Site

 Hot Standby Router Protocol (HSRP)
Internet
[Link]
Hello (3 seconds)
Virtual Router
R1 Gig 0 4 R2
/1: 10 / 2
Active .1.1.2 0 . 1 .1.3 Standby
Active
/24 / 1: 1
Gig 0
SW1

IP: [Link]
DG: [Link]

PC 1
Virtual Router Redundancy Protocol (VRRP)
Internet
[Link]
Advertisement Interval (1 second)
Virtual Router
R1 Gig 0 4 R2
/1: 10 / 2
Master .1.1.1 0 . 1 .1.2 Backup
Master
/24 / 1: 1
Gig 0
SW1

IP: [Link]
DG: [Link]

PC 1
 Gateway Load Balancing Protocol (GLBP)
The MAC address of The MAC address of
[Link] is [Link] is
1111.1111.1111. 2222.2222.2222.
Internet

AVG
R1 R2
• Round-Robin
AVF Virtual IP: [Link] AVF
MAC: 1111.1111.1111 MAC: 2222.2222.2222
Host-Dependent
•

• Weighted ARP
ARP SW1 What is the MAC address
What is the MAC address of [Link]?
of [Link]?

PC1 Active
ActiveVirtual
VirtualForwarder
Gateway (AVG)
(AVF) PC2
Responds to ARP queries
Forwardsasking
trafficforoffthe
of MAC
the local
address
subnet.
of a default gateway.
Default Gateway: [Link] Default Gateway: [Link]
 Stateful Switchover (SSO)

RP1 Neigh
borsh
ip

R1 ip
R2
o r s h
eig h b
N
RP2

The Main Issue: Failing over to a backup route processor might cause
routing protocol neighborships to reset.
 Stateful Switchover (SSO)

RP1 Neigh
borsh
ip

R1 ip
R2
o r s h
eig h b
N
RP2
SSO: Sync (Config and State Information)
The Secondary Issue: Packets might be dropped until the forwarding
table is rebuilt.
 Stateful Switchover (SSO)

RP1
CEF Neigh
borsh
ip

R1 ip
R2
o r s h
eig h b
N
RP2
SSO: Sync (Config and State Information)

Nonstop Forwarding (NSF): Makes the routing information maintained by

CEF available to the backup route processor
Wireless LAN (WLAN)
Design Considerations
Wireless Deployment Options
 Wireless Deployment Options

Autonomous Access Points (APs)

• Standalone, independent devices
• Home or small office environments
• Controller-less deployment model
• Not commonly used in large enterprise networks
 Wireless Deployment Options

Management IP address: Management IP address:

[Link] [Link]
 Wireless Deployment Options

Lightweight Access Points (APs)

• Requires central wireless LAN controller (WLC)
• Controller-based deployment model
• WLCs can be physical or virtual
• Controller communicates changes to the APs
• Control and Provisioning of Wireless Access Points (CAPWAP)
 Wireless Deployment Options

WLC CAPWAP Tunnels

AP 1 AP 2 AP 3
 Wireless Deployment Options
VLAN 100 VLAN 100
WLC1 WLC2

CAPWAP Tunnels

Network:
AP1 [Link]/24 AP2

[Link] [Link]
 Wireless Deployment Options
VLAN 100 VLAN 200
WLC1 CAPWAP WLC2
Anchor Foreign
Controller Controller
CAPWAP Tunnels

AP1 Network: Network:

AP2
[Link]/24 [Link]/24

[Link] [Link]
 Wireless Deployment Options

Cisco FlexConnect:
• Configure and control remote wireless network
• Similar to Layer 3 roaming with CAPWAP

Central Switched:
• Normal CAPWAP mode of operation
• Typically not the recommended mode

Local Switched:
• Map user traffic to VLAN on adjacent switch
• Control and management traffic still sent over CAPWAP to WLC
Location Services
 Location Services

Use Cases for Location Services:

• Enterprise asset tracking
• Location-based advertising
 Location Services

RSS = Received Signal Strength -35 dBm

-45 dBm

-75 dBm
 Location Services

Cisco Solutions:
• Real-Time Location Services (RTLS)
• Cisco DNA Spaces
• Cisco Meraki platform
Software-Defined WAN
(SD-WAN)
Overview of SD-WAN Technology
 Overview of SD-WAN Technology

Enterprise WAN:
• Dedicated circuits traditionally used
• Provide reliability and security
• Rise in cloud usage requires simplicity
 Overview of SD-WAN Technology

Software-Defined Wide Area Network (SD-WAN)

• Traffic backhauling no longer required
 Overview of SD-WAN Technology

Inspection and
Security Services

MPLS Circuit Data Center

Office
 Overview of SD-WAN Technology

Inspection and
Security Services

MPLS Circuit

• End-to-end traffic encryption and inspection through SD-WAN

• Next generation security mechanisms added
• Anti-malware systems, botnet control intervention, etc.
Overview of SD-WAN Technology
SD-WAN Overlay = Virtual Infrastructure

SD-WAN
Controller

Underlay Network = Physical Infrastructure

SD-WAN Implementation
 SD-WAN Implementation

Cisco SD-WAN:
• Data plane
• Control plane
• Management plane
• Orchestration plane
 SD-WAN Implementation
vManage: User interface Management &
Orchestration
vBond: Orchestration and provisioning Plane

vSmart: SD-WAN - Policy Enforcement Control

Communicates via Overlay Management Protocol (OMP) Plane

Data
Cisco vEdge: Edge routers
Plane
 SD-WAN Implementation
Cloud Physical
Data Data
Center Center

LTE
MPLS

Main Satellite
Campus
BR2
Secure provisioning
and configuration

BR1
 SD-WAN Implementation
Cloud Physical
Data Data
Center Center

Edge Router Hardware Platforms:

• Cisco vEdge routers running Viptela OS
• ISR 1000 and 4000 Series routers
LTE
MPLS • ASR 1000 Series routers

Main Satellite
Campus Edge Router Software Platforms:
BR2
• CSR 1000v Router
• vEdge Cloud Router running Viptela OS

BR1
[Link]/go/sdwandemos
 Software-Defined
Access (SD-Access)
 Overview of SD-Access Technology

SD-Access Advantages:
• Next-generation policy enforcement
• Security Group Access Control Lists (SGACLs)
• Policies are based on identity rather than addresses
 Overview of SD-Access Technology

SD-Access Advantages:
• Secure network segmentation
• Virtualization of physical network
• Separate virtual networks can have separate policies
Overview of SD-Access Technology

Campus Fabric
 Overview of SD-Access Technology

• Virtual overlay network

• Ideally used with Cisco DNA Center
• NETCONF/YANG management
• Overcomes limitations found in traditional
network architecture

Campus Fabric
Overview of SD-Access Technology

Overlay Network

Underlay Network
 Overview of SD-Access Technology
SD-Access Fabric

Control Plane Data Plane Policy Plane

• LISP encapsulation • VXLAN Tunneling • Cisco TrustSec

• Simplified routing • Virtual networks • Security groupings
 Overview of SD-Access Technology
Cisco DNA Center GUI MANAGEMENT

Cisco DNA Center Cisco ISE CONTROLLER

Underlay Network SD-Access Overlay NETWORK

PHYSICAL
 On-site Server Room

Fabric Control Plane Node Fabric Border Node

Fabric Intermediate Nodes

SD-Access Fabric
Fabric Edge Nodes

End User Devices

 On-site Server Room

Fabric Border Nodes

Internal Border Node

• Connects only to known areas or the organization
Fabric Control Plane Node Fabric Border Node

Default Border Node

• Connects only to unknown external networks
Fabric Intermediate Nodes
Anywhere Border Node
• Connectivity to both inside and outside public networksSD-Access Fabric
Fabric Edge Nodes

End User Devices

 On-site Server Room

Fabric Control Plane Node Fabric Border Node

Fabric Intermediate Nodes

SD-Access Fabric
Fabric Edge Nodes

End User Devices

 On-site Server Room

Traditional Wireless:
CAPWAP Tunnel between SD-Access Fabric
AP and WLC for all traffic
 On-site Server Room

SD-Access Wireless:
CAPWAP Tunnel between SD-Access Fabric
AP and WLC only for
management traffic
VXLAN Tunnel:
Data from AP to network
On-site Server Room

SD-Access Fabric
Quality of Service (QoS)
 Do You Need QoS?
Gig Fast E IP WAN
SW1 R1
Speed Mismatch

Server 1 Gig

Gig Gig
Server 2 Gig SW2

Server 3 Aggregation Point

 Do You Need QoS?
Gig Fast E IP WAN
SW1 R1

Periodic
Congestion
3 Categories of QoS

Best Not Strict

Effort

Less Strict
DiffServ

Strict
IntServ
Common QoS Mechanisms

• Classification and
Marking
• Queuing
• Congestion Avoidance
• Policing and Shaping
• Link Efficiency
 Common QoS Mechanisms
Best
VoIP
VoIP Effort

• Classification and
Marking
• Queuing
• Congestion Avoidance
• Policing and Shaping
• Link Efficiency
Common QoS Mechanisms

• Classification and
Marking
• Queuing
• Congestion Avoidance
• Policing and Shaping
• Link Efficiency
Common QoS Mechanisms

• Classification and
Marking
• Queuing
• Congestion Avoidance
• Policing and Shaping
• Link Efficiency
Common QoS Mechanisms

• Classification and
Marking
• Queuing
• Congestion Avoidance
• Policing and Shaping
• Link Efficiency
 Wi-Fi Multimedia (WMM)

4 Access Categories 802.1P

AC_VO (Voice) 6&7
AC_VI (Video) 4&5
• IEEE 802.1P markings map to WMM access AC_BE (Best Effort) 0&3
categories
AC_BK (Background) 1&2
• Access category determines Interframe
Space (IFS) and Random Backoff Timer
 Class of Service (CoS)
IEEE 802.1Q Frame

Tag Control
Information Bytes

PRI CFI VLAN ID

CoS Bits
 Type of Service (ToS) Byte
Traffic Class Byte in IPv6
IPv4 or IPv6 Packet

ToS Byte

1 2 3 4 5 6 7 8

IP Precedence

DSCP
RED Drop Ranges
 RED Profiles
Probability of Full Dropping
Discard
100 %
Drop Drop Drop
Profile Profile Profile
for for for
AF13, AF12, AF11,
AF23, AF22, AF21,
AF33, & AF32, & AF31, &
25 % AF43 AF42 AF41

Average
25 30 35 100 Queue
Depth
 CIR = Bc / Tc
CIR (Committed Information Rate) = AVERAGE speed over the period of a second

Bc (Committed Burst) = Number of bits (for shaping) or bytes (for policing) that are deposited in the token bucket
during a timing interval
128 kbps
Tc (Timing Interval) = The interval at which tokens are deposited in the token bucket
Line Speed

Tc 1 Tc 2 Tc 3 Tc 4 Tc 5 Tc 6 Tc 7 Tc 8
Timing Intervals
Switching Mechanisms
Process Switching
 Process Switching

Process Switching:
• Oldest method for Cisco IOS switching
• Every packet is inspected by CPU
Process Switching
 Process Switching

Process Switching:
• Processor is directly involved with every packet
• Not ideal in modern networks
• Available on every Cisco router platform
• Debugging uses process switching
Cisco Express Forwarding (CEF)
 Cisco Express Forwarding (CEF)

Cisco Express Forwarding (CEF):

• Most preferred Cisco IOS switching process
• Default in most modern Cisco IOS devices
• Optimized lookup and efficient packet handling
 Cisco Express Forwarding (CEF)

CEF Benefits:
• Less CPU-intensive than older switching methods
• Distributed CEF (dCEF) allows line card forwarding
• CEF Forwarding Information Base (FIB)
• CEF Adjacency Table
 Cisco Express Forwarding (CEF)

CEF Forwarding Information Base (FIB):

• Similar to a routing table
• FIB is updated with each routing table update
• Processor is not involved with route lookup
• FIB is a more efficient lookup structure

Forwarding
Information
Base
 Cisco Express Forwarding (CEF)

CEF Adjacency Table:

• Information about directly connected devices
• Adjacency = reachable via single link-layer hop
• Layer 2 next-hop address maintained in table

Adjacency
Table
 SW1

[Link] /24
Gig 0/1 .1

R1
Gig 0/2 .1
CEF Demo [Link] /24
Gig 0/1 .2

R2
Gig 0/2 .1
[Link] /24

SW2
CAM vs. TCAM
 CAM vs. TCAM

Content Addressable Memory (CAM)

• Layer 2 switching
• Source MAC addresses recorded in CAM table
• Used to determine ports for frame delivery
 CAM vs. TCAM

Content Addressable Memory (CAM)

• Arrival port number, source MAC address, and arrival timestamp
• Stale entries removed after aging timer expires
• Default aging timer is 300 seconds
• Switch(config)#mac address-table aging-time <seconds>
 CAM vs. TCAM

Content Addressable Memory (CAM)

• True (1) or False (0) value returned upon lookup
• Searches for exact binary match
 CAM vs. TCAM

Ternary Content Addressable Memory (TCAM):

• Some L2 switches use TCAM for QoS
• Primarily a multilayer switch component
• Access Control Lists (ACLs) commonly use TCAM
 CAM vs. TCAM

Ternary Content Addressable Memory (TCAM):

• Extension of the Content Addressable Memory (CAM)
• Returns True (1), False (0), or Do Not Care (X)
• Ternary = mathematical value based in three
 CAM vs. TCAM

Ternary Content Addressable Memory (TCAM):

• TCAM uses VMR format (value, mask, and result)
• Value = IP addresses, protocol ports, etc.
• Mask = mask bits associated with matching values
• Result = permit, deny, QoS policing, etc.
 MAC Address
fcfb.fb97.a980

SW1
Fa
1/

Fa 1/0/13
0/
14

CAM and TCAM

Demo

Fa 0/3
Fa
0/
3
Fa 0/1 Fa 0/1
Fa 0/2 Fa 0/2
SW2 SW3
MAC Address MAC Address
[Link].ea00 0014.69ac.2000
FIB vs. RIB
 FIB vs. RIB

Forwarding Information Base (FIB)

• IP forwarding table or CEF table
• IP destination prefix-based switching decisions
 FIB vs. RIB

Forwarding Information Base (FIB)

• FIB capacity can dictate forwarding efficiency
• Modern ASICs provide line-speeds
• dCEF offloads the FIB to line card modules
FIB vs. RIB

Routing Information Base (RIB)

• IP routing related information stored
• Used by all routing protocols (OSPF, BGP, etc.)
• Learned routes inserted into RIB
• Unreachable routes removed and RIB updated
• Dynamic, static, and directly connected routes
 FIB vs. RIB
BGP Table EIGRP Table OSPF LSDB

BEST PATH

RIB IP Routing Table

FIB CEF Table